AMENDMENTS TO THE CLAIMS

This listing of claims will replace all prior versions, and listings, of claims in the application. 
Listing of Claims:
1-27. (Canceled) 

28. (Currently Amended) A computer emergency response system linked to a plurality of 
computer systems, the system comprising: 

an information section configured to collect system information for at least one of the
plurality of computer systems and security information related to one or more a security incident
incidents that [[are]] is a threat to at least one of the plurality of computer systems;

a test bed configured to perform [[a]] an attack simulation under a similar condition of at
the bed for the at least one computer system of the plurality of computer systems based on the
system information and security information, under conditions similar to those of the at least one
computer system; and

an assessment section configured to assess the one or more security incident incidents
based on the simulation.

29. (Canceled) 

30. (Currently Amended) The computer emergency response system of claim 28, wherein 
the assessment section assesses the one or more security incident incidents by classifying the
one or more security incident incidents into one of several or more levels of attack.

31. (Currently Amended) The computer emergency response system of claim 30, further
comprising an evaluation section configured to calculate expected damages from an attack
based on the attack simulation and the assessed level of attack at least one security incident
with a similar level of attack.

32. (Currently Amended) The computer emergency response system of claim 31, further
comprising an asset recovery section configured to provide an expected recovery time from
the attack for the at least one of the plurality of computer system systems based on the
expected damages.

33. (Currently Amended) The computer emergency response system of claim 30, wherein 
the assessment section is further configured to provide a test possible scenario for [[an]] the
attack simulation on at least one of the plurality of computer systems to the test bed,
including a method of attack and frequency of attack.

34. (Currently Amended) The computer emergency response system of claim [[30]] 33,
wherein the assessment section is further configured to use the test bed to automatically
provide additional test scenarios for the attack
simulation to the test bed until the security incident has been simulated on each of the
plurality of computer systems.

35. (Currently Amended) The computer emergency response system of claim 30, wherein
the assessment section is further comprising an information sharing section configured to
classify the security information according to a method of attack, frequency of attack, and
internet protocol address of a source of attack and transfer the classified security information
to at least one of the plurality of computer systems.

36. (Currently Amended) The computer emergency response system of claim 28, further
comprising a warning section configured to issue an alert to the simulated at least one
computer system based on [[an]] the assessment of the one or more security incident
incidents by the assessment section, wherein the alert includes steps for responding to the
security incident.

37. (Currently Amended) The computer emergency response system of claim 28, further
comprising a warning section configured to issue a forecast to the simulated at least one
computer system based on [[an]] the assessment of the one or more security incident[[s]] by
the assessment section.

38. (Currently Amended) A method of simulating an attack in a computer emergency
response system that is linked to a plurality of computer systems, the method comprising: 

collecting system information for at least one of the plurality of computer systems and
security information related to one or more a security incident incidents that [[are]] is a threat to
at least one of the plurality of computer systems;

configuring a test bed to perform an attack simulation under a similar condition of at the
test bed for the at least one computer system of the plurality of computer systems based on the
system information and security information, under conditions similar to those of the at least one
computer system; and

performing an attack assessment for the one or more security incident incidents using the
test bed.

39. (Canceled) 

40. (Currently Amended) The method of claim 38, wherein the attack assessment classifies 
the one or more security incident incidents into one of several levels of attack.

41. (Currently Amended) The method of claim 40, further comprising calculating expected
damage to one or more of the plurality of computer systems from an attack based on the
attack simulation and assessed level of attack at least one security incident with a similar
level of attack.

42. (Currently Amended) The method of claim 41, further comprising calculating an
expected recovery time from the attack for the at least one of the plurality of computer
system systems based on the expected damage.

43. (Canceled) 
44. (Currently Amended) The method of claim 38, further comprising providing a possible
test scenario for [[an]] the attack simulation on at least one of the plurality of computer
systems to the test bed, including a method of attack and frequency of attack.

45. (Currently Amended) The method computer emergency response system of claim [[38]]
44, wherein the performing of the attack assessment further comprising providing additional
test scenarios for the attack simulation to the test bed until the security incident has been
simulated on each of the plurality of computer systems is performed automatically for the
one or more security incidents.

46. (Currently Amended) The method computer emergency response system of claim 38,
further comprising classifying the security information according to a method of attack, time
of attack, frequency of attack, internet protocol address of a source of the attack, internet
service provider of the source of the attack, and country of origin of the source of the attack
and transferring transmitting the classified security information and the attack assessment to
at least one of the at least one plurality of computer system systems.

47. (Currently Amended) The method computer emergency response system of claim 38,
further comprising issuing an alert to the simulated computer system based on the attack
assessment, wherein the alert includes steps for responding to the security incident in real
time.

48. (Currently Amended) The method computer emergency response system of claim 38,
further comprising issuing a forecast to the simulated computer system based on the attack 
assessment. 

49. (Withdrawn) A computer readable medium having stored thereon computer executable 
components, the medium comprising: 

an assessment section configured to provide an assessment which evaluates and 
classifies security information related to at least one security incident; and 
a test bed section configured to simulate an attack on one or more other computing
systems networked with a computing device based on the assessment and provide simulation 
results. 

50. (Withdrawn) The computer readable medium of claim 49, further comprising a security 
section configured to protect the computing device from the one or more other computing 
systems based on the simulation results. 

51. (Withdrawn) The computer readable medium of claim 49, wherein the attack simulation
is further based on a database of security vulnerabilities of the one or more other computing 
systems. 

52. (Withdrawn) The computer readable medium of claim 51, wherein the attack simulation
determines whether the security vulnerabilities of the one or more other computing systems 
can be exploited based on the assessment. 

53. (Withdrawn) The computer readable medium of claim 49, wherein the assessment is 
based on a frequency which the at least one security incident occurs. 

54. (Withdrawn) The computer readable medium of claim 49, wherein the assessment is 
based on a comparison of the at least one security incident with other security incidents. 

55. (Withdrawn) The computer readable medium of claim 49, further comprising a 
collection section configured to collect the security information from the one or more other 
computing systems. 

56. (Withdrawn) The computer readable medium of claim 49, further comprising an 
information sharing section configured to send the assessment to at least one of the other 
computing systems. 

57. (Withdrawn) The computer readable medium of claim 49, further comprising an 
information sharing section configured to send the simulation results to at least one of the 
other computing systems. 

58. (Withdrawn) The computer readable medium of claim 49, wherein the at least one 
security incident relates to cyber terror. 
59. (Withdrawn) A computer implemented method comprising:

determining an asset value for a computing device on a network; and 

providing a damage calculation for a simulated attack on the computing device based on 
security information related to a security incident and the asset value. 

60. (Withdrawn) The computer implemented method of claim 59, further comprising 
outputting the damage calculation to a display. 

61. (Withdrawn) The computer implemented method of claim 59, wherein the security 
information comprises a likelihood of the security incident occurring. 

62. (Withdrawn) The computer implemented method of claim 59, wherein the damage 
calculation is provided in monetary units. 

63. (Withdrawn) The computer implemented method of claim 59, wherein the damage 
calculation provides an estimate of an amount of damage to the computing device from the 
simulated attack. 

64. (Withdrawn) The computer implemented method of claim 59, wherein the security 
incident relates to a hacking. 

65. (Withdrawn) The computer implemented method of claim 59, wherein the security 
incident relates to a worm. 

66. (Withdrawn) The computer implemented method of claim 59, further comprising 
collecting the security information from one or more other computing systems on the 
network. 

67. (Withdrawn) The computer implemented method of claim 59, further comprising: 

determining a second asset value for a second computing device on the network; and 

providing a second damage calculation for the simulated attack on the second computing 
device based on the security information and the second asset value. 
68. (Withdrawn) The computer implemented method of claim 67, further comprising
outputting the damage calculation and second damage calculation to a display. 

69. (Withdrawn) A computer implemented comprising: 

simulating an attack on a computing system based on a security vulnerability of the 
computing system and an exploit to the security vulnerability; and 

generating a risk level for the computing system based on the simulation of the attack 
and an asset value of the computing system. 

70. (Withdrawn) The computer implemented method of claim 69, wherein the security 
vulnerability comprises a service available on the computing system. 

71. (Withdrawn) The computer implemented method of claim 69, wherein the security 
vulnerability comprises an application available on the computing system. 

72. (Withdrawn) The computer implemented method of claim 69, wherein the asset value 
relates to the significance of the computing system. 

73. (Withdrawn) The computer implemented method of claim 69, further comprising 
protecting the computing system based on the simulation of the attack. 

74. (Withdrawn) The computer implemented method of claim 69, further comprising 
protecting a second computing system networked with the computing system based on the 
simulation of the attack. 

75. (New) The computer emergency response system of claim 35, further comprising an 
information sharing section configured to transmit the classified security information and the 
attack assessment to the at least one computer system. 

76. (New) The computer emergency response system of claim 31, wherein the evaluation
section is further configured to calculate the expected damages in categories of network 
exposure, system exposure, system service delay, and network service delay. 
77. (New) The computer emergency response system of claim 76, wherein the evaluation
section is further configured to calculate the expected damages in categories of root authority 
acquisition, data release, and data forgery. 

78. (New) The computer emergency response system of claim 76, further comprising an 
information sharing section configured to transmit the expected damages to the at least one 
computer system. 

79. (New) The computer emergency response system of claim 33, further comprising: 

a training section configured to generate training data based on the attack simulation, the 
training data configured to train the at least one computer system to prevent the security incident; 
and 

an information sharing section configured to transmit the training data to the at least one 
computer system. 

80. (New) The computer emergency response system of claim 28, further comprising a 
warning section configured to issue an alert to the at least one computer system based on the 
assessment of the security incident by the assessment section, wherein the alert includes steps 
for preventing the security incident. 